Security in the Electronic UniverseMajor Trends

Helmut LeopoldHead of Digital Safety & Security Department

AIT Austrian Institute of Technology

Dagstuhl,

April 15-17 2015

Dagstuhl Seminar 2015 on Assuring Resilience, Security and Privacy for Flexible Networked Systems and Organisations

Cyber Security - Overview

ICT Trends in the „after-broadband century”

The Security problem

The Shift in user behavior

The IT industry problem

2

The „after-broadband“ ICT Trend – M2M Communication

Connected Utility

Intelligent energy production,distribution and use - renewable energy – smart grid

Ernergy management at home- smart home New energy storage (PHEV)

ConnectedPatients

Closed loop healthcare - Telemedicine for new widespread diseases – diabetes, cardic insufficiency, overweight

Prevention and care; Lifestyle management

Industry 4.0 Sensor networks for production Environmental sensors Smart cameras for public security

Connected Cars

60% of all innovation by electronics Intelligent traffic-control saves more CO2 as

estimated e-vehicle-fleet in 2030

Smart City

Environmental sensors Smart cameras for public security Citicen information systems eGovernment

ICT Trends result in complexity & impact

The complexity of ICT systems is increasing Landing on the moon with 7.500 Lines of Code Today: F-35 fighter jet: 5,7 Mio; Boeing 787: 6,5 Mio;

Mercedes S-Class: 20 Mio; Chevrolet Volt: 100 Mio.

Systems are getting more and more interconnected M2M Communication, Internet-of-Things (IoT), Always-On Systems of Systems Virtual Infrastructures (Cloud)

Industry trend towards open network architectures Open protocols (IP), industry standards Increased number of „third parties“

The dependency on ICT systems is increasing Smart Grid, Smart Home, Smart City, eGovernment, eCommerce, eHealth, eMobility, …critical infrastructure

421.04.23

Increased

Number of

VulnerabilitiesIncreased

Number of

Vulnerabilities

Increased

RiskIncreased

Risk

Increased

ImpactIncreased

Impact

Cascade

EffectsCascade

Effects

Emerging Communication Technology (1)Future Wireless Communication Systems

5

<2014: 2G, 3G, 4G, WLAN, …

always-onbroadbanddesigned for human-to-human or human-to-machine communications

>2020: Ultra-reliable wireless M2M communications (5G)

monitoring and control applicationslow-latency links (< 1ms)massive number of concurrent M2M linkscoordinated local and cellular com. systemsmove to mm-Wave frequencies > 30 GHz

Source: G. Fettweis, S. Alamouti, “5G: Personal mobile internet beyond what cellular did to telephony,” IEEE Commun. Mag., Feb. 2014.

6

Forecast

Decision Support System

Luft Verkehr WasserAirAir TrafficTraffic IndustryIndustry

Monitoring systems

Fusion of different sensor data

Velocity: real-time data generation

Veracity: data in doubt all sensor data have an uncertainty

how do we model/describe the behavior of people (social media)

Variety: Data sources are changing

Combination of real-time data with historical data

Modelling and Simulation

Emerging Communication Technology (2)Sensor Networks - Challenges

7

0

200

400

600

800

1000

1200

1400

1600

1800

2000

2005 2006 2007 2008 2009 2010 2011 2012

Exa

byt

es

Year

Digital Information Created, Captured, and Replicated Worldwide

Source: AIT Research, “The Diverse and Exploding Digital Universe” IDC White Paper, March 2008http://www.emc.com/collateral/analyst-reports/diverse-exploding-digital-universe.pdf

21.04.23

World-wide we produce more data than HW-Storage space is available!

World-wide we produce more data than HW-Storage space is available!

Knowledge can only be stored for a limited period of time - in 5 to 7 years the majority of today‘s data

will get lost.

Knowledge can only be stored for a limited period of time - in 5 to 7 years the majority of today‘s data

will get lost.

Which functions should be implemented in future networks, in order to enable next gen content management and application support? How do we store and retrieve the enormous amount

of data ? How to scale? How to automate? Next Gen Content Management

Research at AIT

BRITISHLIBRARY Source: digitalbevaring.dk

Multimedia Content: DataTextAudioImagesVideo

Emerging Communication Technology (3)Broadband Multimedia

Overview

ICT Trends in the „after-broadband century”

The Security Problem

The Shift in user behavior

The IT industry problem

8

Cyber Security – The Problem Statement

Increased system complexity decreased system understanding

Increased system complexity decreased system understanding

9

Increased use of ICT & networking dependability THE critical infrastructure

Increased use of ICT & networking dependability THE critical infrastructure

Cars EnergyPatient Home

Connected Connected EnvironmentMillennials

???„Classical security protection is dead“ 06.05.2014, DiePresse.com

Symantec/Norton

„Classical security protection is dead“ 06.05.2014, DiePresse.com

Symantec/Norton

50% of security breaches are supported by user interactions

The Cyber Security Problem is …

Source: Microsoft Security Intelligence Report 2011, Daten aus 1. HJ. 2011, http://www.microsoft.com/security/sir/default.aspx

A young discipline

Overview

ICT Trends in the „after-broadband century”

The Security problem

The Shift in user behavior

The IT industry problem

11

The Shift in User Behavior

1221.04.23

interdependency

Technology Society

(1) „The Generation Shift“

1321.04.23

Boomers … Technology to “re-invent his personality” Brought technology from the office to home

X-Generation … generation in contradiction Millennials …

PC, Internet and Mobile phones to network bring technologies from home to work

From the „Information society“ to the „networked society“.

Source: Alison Cerra „The Shift Digest“, Alcatel Lucent Study, 2012, www.theshiftonline.com

(2) „The Identity Shift“ – the 3 “Ps”

1421.04.23

By using new ICT technology , we change our behavior and usage patterns.

Source: Wikipedia

Source: Alison Cerra „The Shift Digest“, Alcatel Lucent Study, 2012, www.theshiftonline.com

Presentation seekers

Protection seekers

Preference seekers

Image of an individual within the society

How a person sees the privacy

On which information we base our decisions (to select products and friends)

(3) „The Content Shift“

1521.04.23

Democratisation of tools and production Easy consumption: lower cost, Internet, Tablet PCs, smart phones Connection of producer and customer on a flat market

Within a month there are more videos uploaded on to Youtube than from 3 US TV stations in 60 years

Source: Chris Anderson, „The Long Tail“, http://www.changethis.com/10.LongTail („in Wired 2004“), AIT Research,

A new ecosystem for content production and consumation – „Long Tail“

eGovernment, eHealth, eEnvironment,

social media@work

Connected TV Social TV Mobile TV Personal TV

(4) „The Cloud Shift“

1621.04.23

„Our head is in the cloud“

Source: Wikipedia

Data storage and processing are becoming virtual

“bring our own device“ – “data are ubiquitous in location and time”

“Outsourcing from information change our behavior”

Source: TIME Magazine, March 2012, AIT Research

„Digital Dementia“

Overview

ICT Trends in the „after-broadband century”

The Security problem

The Shift in user behavior

The IT industry problem

17

Next Generation Cyber Security

CAIS Cyber Attack Information System Recognizing the „unknown“ Information Sharing – CIIS Mitigation actions

Encryption - unbreakable keys Smart approaches without keys – Secret

Sharing07.02.2011

TrustSecurity

18

Governance Assurance

Risk Management

Top Management Visibility & Control

Start

Information Security

GovernanceLack of visibility of security status,

resources deployed, and overall

performance of programs

Why is information security important

to our organization?

Are we “secure”?

Cyber Security - Top Management Challenge

Loose scope definition of

information security activities creating conflict between

managers

Information security capabilities not linked to strategic business

objectives

Units not properly staffed or lack of qualified/trained

personnel on information security

topics

19Source: AIT research, Booz & Co

Not IT cost cutting but outcome based IT business

CIO roles in organization is

changing

CEOs try to solve the security problem with

yesterday´s logic (proprietary systems)

Application designers are the

new system experts

IT experts try to protect their

system expertise

Cyber Security vs. increase the productivity in firms

Technology change cycles are increasing ICT Systems complexity is increasing Potential security problems become

evident

Decreasing of IT-complexity by virtualization of ICT Services (Cloud Computing)

No harmonized governance frameworks in the different countries and markets Globalization of ICT-Service offerings

(economy of scale and scope) Privacy Data protection

20

Management tend to “protect” their systems public – private cloud no “connection” to the internet proprietary systems

Application designers are the new system experts Based on external IT-Services

(Cloud)

Change of the CIO role in companies Data Scientists, etc. more systems knowledge

Decreasing IT personnel resources Decreasing IT investments

Thank you for listening!

Helmut LeopoldHead of Digital Safety & Security Departmenthelmut.leopold@ait.ac.at

AIT Austrian Institute of TechnologyDigital Safety & Security Department

An idea is not a single thing.  

The trick to having good ideas is not to sit around in glorious isolation and try to think big thoughts. The trick

is to get more parts on the table, which enable us to combine and bring different parts together.

 A good idea is a network - it is all about bringing

people and ideas together .....

Steve Johnson, „Where do innovation or good ideas come from?”, 2010

21